Dialogue with 360 Hangcheng: How to break the “sequelae” of IE browser retirement?

A few days ago, the IE browser was retired and listed on the hot search. Some netizens said that “an era is over”, and some netizens said that they are “happy and popular”. Some users expressed some concerns about the imminent retirement of the IE browser, such as how to log in to some exam registration websites? Some netizens pointed out: In the future, engineers will finally not need to be compatible with IE when writing code.

There are different opinions, but the decline of IE is an indisputable fact. According to relevant data, IE’s share in the global desktop computer browser market is less than 2%.

Although the Chinese browser market started late, after years of development, many browser brands have been born. But from a technical point of view, there is no self-developed browser kernel in China, and some international giants, such as Google, still occupy most of the market share.

The withdrawal of IE has brought a series of sequelae to Chinese netizens, and it has also led to thinking about when domestic browsers can break through. Leifeng.com had an in-depth conversation with Hang Cheng, general manager of 360PC Browser Division, about whether it is necessary to conduct independent research and development of browsers in China, as well as the incompatibility and security issues brought about by the retirement of IE browsers. .

As a veteran who joined 360 in 2009, Hang Cheng has been working in the field of browsers for 11 years from technology to product. He said: “The withdrawal of IE still has a certain impact on the upstream and downstream environment of the Chinese market, but has little impact on the active use of users.”

According to public information, the current 360PC browser market penetration rate has reached 86.60%, and the average monthly active users have reached 425 million.

Hang Cheng believes that the delisting of IE will not have a significant impact on the usage pattern of browser users in the Chinese market; however, it will have a certain impact on websites developed based on IE.

IE browser delisting “sequelae”

Although the story of the browser started with the Netscape browser in 1994, the longest and most famous browser is Microsoft’s IE series of browsers. When the limelight was at its peak, it reached a market share of 95%. Although Microsoft said: “The Edge browser is very mature and can completely replace the IE browser.” But in terms of compatibility, IE still plays an irreplaceable role.

The browser field is a field that needs to be accumulated for a long time. The popularity of IE browser has caused many website developers to create pages that are based on IE’s special standards. On the other hand, Google’s ecological protection has also played a role in fueling the flames – many API interfaces based on Google are not supported, so most developers still develop based on IE.

With the retirement of the IE browser, there are hidden dangers for websites and applications developed based on the IE kernel.

Hang Cheng told Leifeng.com: “Chrome fully supports matching HTML5 standards, but IE is relatively derailed.” For Web development, HTML5 is supported, and various cool and important functions such as plug-in-free video, image animation, and ontology storage can be realized. For example, APIs such as window.showModalDialog() supported by IE are not supported by Google. If IE does not support it in the future, then websites developed based on IE will face the risk of compatibility. For example, if the online banking and ActiveX controls cannot be used, then the login and payment of the online banking will encounter problems.

In addition, many government websites are developed based on the IE kernel. Therefore, after IE announced its retirement, some netizens also raised concerns: how to log in in the future, such as the registration website for teacher qualification certificate exams, which previously required the IE browser to be opened?

So, what kind of measures should be taken to deal with this “retirement incident” for websites that really need to be opened with IE browser, especially for enterprises that are deeply bound to IE?

Hang Cheng suggested that websites or enterprises conduct self-inspection in a timely manner. “This is an essential step.” He explained that if the code is written in accordance with the HTML standard, it should not be a problem. However, almost all deeply bound applications such as banking and online banking are facing “rework”.

Hang Cheng also said that, despite this, enterprise users should not be too worried. Even if IE can no longer be used, some domestic platform manufacturers already have technical capabilities and reserves, so as to buy more time for enterprises to pass the buffer period and update the version smoothly. For example, the 360 ​​browser at the helm of Hang Cheng, its machine program can be automatically recognized, and it can make modification suggestions for enterprise users and developers who lack self-examination ability. It is understood that the previous XP system exit and windows upgrade, etc., 360 also helped to do vulnerability patches and upgrades, for a large number of enterprise users to gain more time to modify the website and avoid attacks.

Is it necessary to repeat “building wheels”

In fact, many domestic browsers are still using the kernel of foreign browsers. In other words, domestic browsers have not achieved true autonomy. So is it necessary to develop the browser kernel by yourself?

In an interview with Leifeng.com, a technician once said: to develop a mature browser kernel, the amount of code is between tens of millions to hundreds of millions, and at least 1,000 skilled engineers are needed. It takes more than 5 years and the cost will be up to billions.

With such a high cost, if it is not based on the existing kernel for development, is it necessary to repeat the matter of “building wheels”?

First of all, it needs to be clear that browsers and browser kernels are different concepts. Browsers refer to Chrome, Firefox, Safari, Opera, etc., while browser kernels are Blink, Webkit, Gecko, Trident, etc. The Trident kernel is also generally considered to be the IE kernel, but it was also developed by Microsoft after acquiring other companies and then modifying the code; Apple modified the Webkit kernel based on the open source engine KHTML. And Webkit is also favored by the software industry, and even the Google chromium kernel is modified based on Webkit.

Let’s look at the development of browsers in my country. It is understood that most of the domestic enterprises were developed based on the IE browser kernel at the beginning, and then based on the dual-core development of IE and Webkit, and finally switched to the Chromium kernel.

Whether the browser kernel is worthy of independent research and development, Hang Cheng believes that it should be viewed from two aspects: on the one hand, at the application level, China has also done localized functions, and it seems to be doing well at present, such as 360 supports dual kernels , compatible with IE and Google; on the other hand, at the kernel level, the necessity of making a new kernel for PK from 0 to 1 needs to be evaluated.

There is a judgment that in China, as long as the key problem of browser stuck neck can be solved, it can be temporarily avoided to avoid repeated wheel building. The key to the browser’s neck is not the kernel. One of the “stuck points” comes from the root certificate trust issue.

“If one day foreign manufacturers no longer issue us https certificates (that is, SSL certificates), but add our domain name to the untrusted list, then our website with https as the domain name will not be able to open,” Hang Cheng explained, because no matter what Kernel browsers such as Chrome or Edge are all in line with the international certificate by default. If the international certificate stops trusting, then domestic browsers based on IE or Chrome will not be able to open these websites.

The key to solving this problem is to establish China’s own root certificate system. At present, China has established a CFCA global server certificate (SSL certificate), which is compatible with international and domestic algorithms in terms of cryptographic algorithms and security technical services in light of my country’s national conditions.

In order to get rid of the dependence of third-party issuance of intermediate certificate authorities, Google has previously launched its own CA root certificate. In China, 360 has also become the first browser manufacturer in China to create its own root certificate and support the national secret certificate. This means that if more browsers support national secret certificates in the future, then China can also issue certificates to its own websites.

Hang Cheng said: “For domestic browsers, the most important thing is not to break through the technical gap and cost, but to solve the problem of stuck neck, which is also an ecological problem.” If a new kernel is to be built, then it is necessary to All existing websites are adapted, and this workload and operation difficulty are the most difficult problems to solve.

SaaS-based services are the next-gen dividend for the browser market

The exit of IE is the end of an era. In the infancy of the Internet, the browser was the most important tool for computers to connect to the Internet. The mobile Internet is changing faster than the Internet. Under the wheel of history, the browser market is always turbulent and never calm.

In the face of the impact of the mobile Internet era, Hang Cheng believes that from the perspective of the market, the demands of browser users will not decrease. On the other hand, the demands of browsers will not drop but rise.

In Hang Cheng’s view, “SaaS-based services are the next-generation dividends in the browser market.” Specifically, with the increasing demand for mobile office, many office applications have basically begun to be SaaS-based.

If the trend of online office has not prevailed in the past, as the epidemic has gradually become the norm, online collaborative office has become a rigid need. For example, online collaborative design software, online documents, and online OA systems, etc., cross-platform collaboration makes browser demand increase rather than decrease.

This also means that enterprise SaaS services may become a new growth point in the browser market.

As we all know, the business model of browsers is to optimize the online experience, provide online assistance, and promote advertising to users to realize monetization. The same is true for Google, which improves its own ecology by deeply binding Google search. The main demand is also to meet the needs of users’ life and entertainment, providing them with search, personalized skins, plug-ins, etc. Now, life entertainment can be done on mobile phones.

Therefore, the increase in demand for online office has also opened up new business models for browsers. At present, some enterprises have begun to try enterprise browsers, and browser manufacturers have also regarded SaaS services as a new selling point.

For example, deploying an enterprise browser. First, administrators can easily manage user behavior on all terminals, such as setting up a unified page or installing plug-ins for the company’s OA system, ERP system, GM system, etc., without the need for users to operate by themselves; secondly, a watermark can be set at the bottom of the browser , compared to the OA system, the watermark is more difficult to be blocked; again, if some websites need to be opened with the IE kernel, the operation can be locked as long as it is configured in the background, and no manual configuration is required by the user.

Hang Cheng believes that the digital development of China’s industry is an opportunity for domestic browser manufacturers. He revealed that in the future, 360 will focus on increasing office-related needs, such as co-working SaaS service providers for deep binding, “building a new moat for the 360 ​​browser.”

This article is reprinted from: https://www.leiphone.com/category/gbsecurity/07bxbq9zdwVCQvnu.html
This site is for inclusion only, and the copyright belongs to the original author.

Leave a Comment